 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841909 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2296-1) |
| Summary: | The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-2296-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-2296-1 advisory. Vulnerability Insight: Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1547) Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1549) Atte Kettunen discovered a use-after-free in WebAudio. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1550) Jethro Beekman discovered a use-after-free when the FireOnStateChange event is triggered in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1555) Patrick Cozzi discovered a crash when using the Cesium JS library to generate WebGL content. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privilges of the user invoking Thunderbird. (CVE-2014-1556) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in CERT_DestroyCertificate. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1544) A crash was discovered in Skia when scaling an image, if the scaling operation takes too long. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1557) Christian Holler discovered several issues when parsing certificates with non-standard character encoding, resulting in the inability to use valid SSL certificates in some circumstances. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560) Boris Zbarsky discovered that network redirects could cause an iframe to escape the confinements defined by its sandbox attribute in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1552) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1544 BugTraq ID: 68816 http://www.securityfocus.com/bid/68816 Debian Security Information: DSA-2986 (Google Search) http://www.debian.org/security/2014/dsa-2986 Debian Security Information: DSA-2996 (Google Search) http://www.debian.org/security/2014/dsa-2996 https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030617 http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 Common Vulnerability Exposure (CVE) ID: CVE-2014-1547 BugTraq ID: 68811 http://www.securityfocus.com/bid/68811 http://www.securitytracker.com/id/1030619 http://www.securitytracker.com/id/1030620 http://secunia.com/advisories/60306 Common Vulnerability Exposure (CVE) ID: CVE-2014-1549 BugTraq ID: 68820 http://www.securityfocus.com/bid/68820 Common Vulnerability Exposure (CVE) ID: CVE-2014-1550 Common Vulnerability Exposure (CVE) ID: CVE-2014-1552 Common Vulnerability Exposure (CVE) ID: CVE-2014-1555 BugTraq ID: 68814 http://www.securityfocus.com/bid/68814 Common Vulnerability Exposure (CVE) ID: CVE-2014-1556 BugTraq ID: 68822 http://www.securityfocus.com/bid/68822 Common Vulnerability Exposure (CVE) ID: CVE-2014-1557 BugTraq ID: 68824 http://www.securityfocus.com/bid/68824 Common Vulnerability Exposure (CVE) ID: CVE-2014-1558 Common Vulnerability Exposure (CVE) ID: CVE-2014-1559 Common Vulnerability Exposure (CVE) ID: CVE-2014-1560 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |